Cinder API server disagrees with USE_SSL=True
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
devstack |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
I am using a Ubuntu 14.04 VM to play with devstack. To reproduce the bug:
1. copy the sample local.conf to devstack root dir
2. add USE_SSL=True
3. run stack.sh and you'll encounter this
2016-01-13 19:04:55.008 | + openstack volume type create --property volume_
2016-01-13 19:05:07.059 | SSL exception connecting to https:/
2016-01-13 19:05:07.115 | + exit_trap
Cinder eventlet server does not appear to support SSL at all (i.e. it does not convey the use_ssl param to oslo.service).
https:/
https:/
If I understand the code correct, the only way to enable SSL for Cinder API server would be to run in in Apache mod_wsgi
CINDER_
Unfortunately, setting the above, in conjunction with USE_SSL=True wont' work either because we are checking specifically for c-api, not cinder service, when configuring the SSL options in mod_wsgi.
https:/
We don't seem to distinguish c-api and c-volume for enabling SSL for Cinder as a whole. So we have two choices,
1. continue on the current path and treat Cinder as a whole when deciding on whether to enable SSL. In other words, if USE_SSL is set to True for Cinder, both c-api and c-volume will get SSL
2. treat c-api and c-volume as separate services, just like how Swift is doing it
Fix proposed to branch: master /review. openstack. org/267249
Review: https:/